<?php
session_start();

if(isset($_SESSION['hostz-user']) && isset($_SESSION['hostz-passwd'])) { header("Location: ctrl.php"); }
if(isset($_SESSION['hostz-vpspanel-user']) && isset($_SESSION['hostz-vpspanel-passwd'])) { header("Location: vps-panel.php"); }

include("config.php");

include_once("header.php");

echo "<div class='ptitle'>$title: $desc ~ login</div>\n\n";

if(isset($_GET['action']))
{
	$action = $_GET['action'];
	if($action=="filehost")
	{
		if($_POST['hostzusername']!="" && $_POST['hostzpassword']!="")
		{
			$username = $_POST['hostzusername'];
			if(file_exists("users/$username.php"))
			{
				$password = $_POST['hostzpassword'];
				include("users/$username.php");
				if($user_password==$password)
				{
					$_SESSION['hostz-user'] = $_POST['hostzusername'];
					$_SESSION['hostz-passwd'] = $_POST['hostzpassword'];
					echo "Logged in, <a href=\"ctrl.php\">Redirecting to control panel in 3 seconds</a><meta http-equiv='refresh' content='3;url=ctrl.php'>";
				}
				else
				{
					echo "Error: Wrong password";
				}
			}
			else
			{
				echo "Error: User not found.";
			}
		}
		else
		{
			echo "Error: No username or password provided";
		}
	}
}
else  
{
	print <<<EOD
	<div class="form">
		<form method="post" action="login.php?action=filehost">
		<table>
		<tr>
			<td>Username:</td>
			<td><input type="text" name="hostzusername"></td>
		</tr>
		<tr>
			<td>Password:</td>
			<td><input type="password" name="hostzpassword"></td>
		</tr>
		<tr>
			<td>Go!</td>
			<td><input type="submit" value="Login"></td>
		</tr>
		</table>
		</form>
	</div>
EOD;

}

include_once("footer.php");
?>
